Managing the Insider Threat Managing the Insider Threat: No Dark Corners and the Rising Tide Menace, Second Edition follows up on the success of – and insight provided by – the frst edition, refram- ing the insider threat by distinguishing between sudden impact and slow onset (aka “ris- ing tide”) insider attacks. This edition is fully updated with coverage from the previous edition having under- gone extensive review and revision, including updating citations and publications that have been published in the last decade. Three new chapters drill down into the advanced exploration of rising tide threats, examining the nuanced complexities and presenting new tools such as the loyalty ledger (Chapter 10) and intensity scale (Chapter 11). New explorations of ambiguous situations and options for thwarting hostile insiders touch on examples that call for tolerance, friction, or radical turnaround (Chapter 11). Additionally, a more oblique discussion (Chapter 12) explores alternatives for bol- stering organizational resilience in circumstances where internal threats show signs of gaining ascendancy over external ones, hence a need for defenders to promote clearer thinking as a means of enhancing resilience against hostile insiders. Coverage goes on to identify counters to such pitfalls, called lifelines, providing examples of questions rephrased to encourage clear thinking and reasoned debate with- out inviting emotional speech that derails both. The goal is to redirect hostile insiders, thereby offering alternatives to bolstering organizational resilience – particularly in cir- cumstances where internal threats show signs of gaining ascendancy over external ones, hence a need for defenders to promote clearer thinking as a means of enhancing resilience against hostile insiders. Defenders of institutions and observers of human rascality will fnd, in Managing the Insider Threat, Second Edition, new tools and applications for the No Dark Corners approach to countering a vexing predicament that seems to be increasing in frequency, scope, and menace. Managing the Insider Threat No Dark Corners and the Rising Tide Menace Second Edition Nick Catrantzos Cover image: klyaksun/Shutterstock Second edition published 2023 by CRC Press 6000 Broken Sound Parkway NW, Suite 300, Boca Raton, FL 33487-2742 and by CRC Press 4 Park Square, Milton Park, Abingdon, Oxon, OX14 4RN CRC Press is an imprint of Taylor & Francis Group, LLC © 2023 Nick Catrantzos First edition published by CRC Press 2012 Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint. Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microflm- ing, and recording, or in any information storage or retrieval system, without written permission from the publishers. For permission to photocopy or use material electronically from this work, access www. copyright. com or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. For works that are not available on CCC please contact mpkbookspermissions@ tandf. co. uk Trademark notice: Product or corporate names may be trademarks or registered trademarks and are used only for identifcation and explanation without intent to infringe. Library of Congress Cataloging‑in‑Publication Data Names: Catrantzos, Nick, author. Title: Managing the insider threat : no dark corners and the rising tide menance / Nick Catrantzos. Description: 2nd edition. | Boca Raton : CRC Press, 2023. | Includes bibliographical references and index. Identifers: LCCN 2022026013 (print) | LCCN 2022026014 (ebook) | ISBN 9781032274201 (hardback) | ISBN 9781032274249 (paperback) | ISBN 9781003292678 (ebook) Subjects: LCSH: Corporations--Security measures. | Employee crimes--Prevention. | Sabotage in the workplace--Prevention. Classifcation: LCC HD61.5 .C37 2023 (print) | LCC HD61.5 (ebook) | DDC 658.4/73--dc23/eng/20220601 LC record available at https://lccn.loc.gov/2022026013 LC ebook record available at https://lccn.loc.gov/2022026014 ISBN: 978-1-032-27420-1 (hbk) ISBN: 978-1-032-27424-9 (pbk) ISBN: 978-1-003-29267-8 (ebk) DOI: 10.4324/9781003292678 Typeset in Sabon by Deanta Global Publishing Services, Chennai, India Contents Foreword xvii Preface to the First Edition xix Preface to Second Edition xxi About the Author xxiii PART I UNDERPINNINGS Chapter 1 The Problem and Limits of Accepted Wisdom 3 Introduction 3 The Problem 4 Terms of Reference 4 Historical Approaches 5 Types of Studies on Hostile Insiders 6 Studies Focusing on Motivations 6 Studies Focusing on Compilations and Cases 7 Studies Focusing on Cyber Insiders and More Controls 8 Losing Sight of Mortal Threats by Aggregating Cases Too Liberally 9 Limits of Cyber-Centric Bias 9 Implications 9 Questions for Online or Classroom Discussion 10 Exercises for Group Projects 10 Notes 11 Chapter 2 Groundbreaking Research and Findings 15 Delphi Research on Insider Threat 15 Initial Research Findings Confrming Accepted Wisdom 17 Alternative Analysis Takes Shape 18 Why Infltrator vs. Disgruntled Careerist? 18 Infltrator’s Challenges vs. Defender’s Capacity 20 Infltrator Step 1: Get Through Screening 21 v vi Contents Infltrator Step 2: Gather Information 22 Infltrator Step 3: Exploit Vulnerabilities 24 The Alternative 24 Balancing Trust and Transparency: The Co-Pilot Model 26 Contrast with Traditional Strategy 27 New Insider Defenses 28 Close Probation 28 Transparency on the Job 28 Team Self-Monitoring 29 Comparison with Other Security Strategies 29 Questions for Online or Classroom Discussion 32 Exercises for Group Projects 32 Notes 33 Chapter 3 Agents of Change: Corporate Sentinels 37 Introduction 37 Key Activities 38 Corporate Sentinels Examined 39 Traditional Role 39 Expertise and Alienation 39 Sentinel Alienation 42 Perfunctory Adaptation 42 Imperial Overreach or Power Play 43 Cronyism or Favor Exchange 43 Transformational Role in a No Dark Corners Approach 43 A Sentinel’s Guide to People Security 44 Human Relationships 44 The Dishonest Employee 45 Management Responsibility in Loss Prevention 45 Procedural Controls 46 Pre-Employment Screening 46 Personal Safety and Self-Defense 46 Workplace Violence 47 Unfair Labor Practices 48 Security and Civil Rights 49 On Balance 51 Questions for Online or Classroom Discussion 53 C ontents vii Exercises for Group Projects 53 Notes 54 Chapter 4 Agents of Change: Leaders and Co-pilots 57 Introduction 57 Leadership’s Attitude to Sentinels and Defenses 59 Where to Begin 59 Know Your World 59 Start Somewhere 61 At Least Ask 62 Why Leaders Falter 62 The Issue-Attention Cycle Meets Insider Threats 63 Phase 1: Pre-Problem 64 Phase 2: Alarmed Discovery 64 Phase 3: Awareness of Diffculties 64 Phase 4: Gradual Decline of Public Interest 65 Phase 5: Post Problem 65 Alternative Approach 68 Another Opportunity: Rotational Assignments 70 Questions for Online or Classroom Discussion 71 Exercises for Group Projects 71 Notes 72 PART II SUDDEN IMPACT DEFENSES Chapter 5 Rethinking Background Investigations 77 Sudden Impact Defenses as Basic Essentials 77 Background on Backgrounds 78 Traditional Background Investigation Process 79 Identity Verifcation 80 What Gets Investigated and How 80 Credentials and Credibility 81 Where Blurred Accountability Comes with a Price 81 Other Red Flags Often Unseen 82 Adjudication of Adverse Findings 83 Transformational Opportunities with a No Dark Corners Approach 84 Making a Team Out of Warring Camps 84 Alternative Process: Adjudication by Team vs. Fiat 84 viii Contents Resolving Differences 85 Ramifcations for the Entire Process 86 Who Should Perform the Background Investigation? 86 Case Study: A David Takes on Goliath in Pre-Employment Background Investigations 87 An Overlooked Problem: Investigating the Non-Employee 89 Access the Real Issue 89 Knowledgeable Escort 90 Questions for Online or Classroom Discussion 93 Exercises for Group Projects 93 Notes 94 Chapter 6 Deception and the Insider Threat 97 Introduction 97 Deception’s Role 97 Inadequacy of Defenses 98 Representative Methods for Detecting Deception 99 What Do Polygraph Examiners Know About Deception? 99 The Reid Technique 100 Background 100 Key Features 101 Limitations 101 The Wicklander-Zulawski Method 102 Background 102 Key Features 102 Limitations 103 Scientifc Content Analysis (SCAN) 105 Background 105 Limitations 106 Other Techniques for Detecting Deception 106 Cross-Examination 107 Background 107 Key Features 107 Limitations 107 Behavioral Detection 107 Background 107 Key Features 109 Limitations 110 Contents ix The Deceiver’s Edge 110 What Makes a Good Liar 110 No Dark Corners Applications 111 Interrogation 112 Application 112 Debriefng 113 Application 113 Interviewing 113 Application 114 Conversation 114 Application 114 Elicitation 115 Application 115 Where to Expect Deception from Trust Betrayers 115 The Infltrator’s Deception 117 Deceptions Possible in Screening Process 117 Deceptions Possible During Probation Period 118 Deceptions Possible after Probation While Seeking Vulnerabilities: 118 The Disgruntled Insider’s Deception 119 Deceptions Possible in Screening Process 119 Deceptions Possible During Probation Period 120 Deceptions Possible after Probation While Seeking Vulnerabilities 121 The Detection Dilemma 121 Context-Based Anomaly Detection 122 At Least Ask 124 Know Your World 124 Start Somewhere 125 The What-if Discussion 125 Sample Scenarios 126 Scenario 1: A Bad Feeling Early On 126 Questions to Explore 128 Scenario 2: A Rising Tide of Concern 129 Questions to Explore 130 Deception’s Role in Scenarios 132 Questions for Online or Classroom Discussion 132 Exercises for Group Projects 133 Notes 133